Extracted

Extracted

Extracted

• • Target

    48b4426a01e7dd824aaf6f313fd91e5b4f7c831541041b0affa13ec2c9b0e232

  • Size

    1.4MB

  • MD5

    b79405af9db6ca8723414ea62649229e

  • SHA1

    b0c97a9d1f6b1616ccf51acadc537313d159fd46

  • SHA256

    48b4426a01e7dd824aaf6f313fd91e5b4f7c831541041b0affa13ec2c9b0e232

  • SHA512

    ccce02672d8dcc1f1cc2e557d7009c355776d05480b9c7f432579daee90c051c8865a9e5da455ec381ec0cba34cde3c40d0859efef44302d7b07ccdad8cf4e6d

  • SSDEEP

    24576:5ycByf8+RLTOoSevWCfseUjWrnCXe8NWDNKlKE5Q2UabUPDz5M1KB7y3Ows2aTaD:scgHV2eOCV7ke8NUKAE5LDbUPH5Mi+OZ

  Score

  10^/10

  amadeyredlineladamaridiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1